WASHINGTON - Peter Sand, the new director of privacy technology at the U.S. Department of Homeland Security (DHS), walked
into a lunch meeting with what could have been a hostile crowd and told privacy advocates the agency is working hard to make
sure privacy rights are respected as the DHS fights terrorism.
A privacy discussion is part of every new technology DHS considers, Sand told attendees of the Electronic Privacy Information
Center's (EPIC) Freedom 2.0 conference Friday.
"The people who are building technologies really want to talk to the people working on privacy, and that happens on a daily
basis," said Sand, who joined the DHS privacy office three weeks ago. The DHS employees working on technologies such as biometrics
want to make sure they're complying with privacy regulations before the technology is rolled out, said Sand, a former chief
information officer in the Pennsylvania Attorney General's Office.
Sand also encouraged technologists in private industries to develop privacy policies at the same time they develop software,
not after the fact. Companies and U.S. agencies need "internal dialogs on privacy to make sure that as we're picking technical
standards, we're picking privacy standards," Sand said.
The Transportation Security Administration, part of DHS, has been criticized by some privacy advocates for its efforts to
create a new airline passenger screening program, called the Computer Assisted Passenger Pre-Screening System, or CAPPS II.
Sand didn't address CAPPS II, and it didn't come up in a brief question-and-answer session, but he followed an introduction
by Bruce Schneier, chief technology officer at Counterpane Internet Security Inc., who suggested that law enforcement agencies
shouldn't be responsible for monitoring their own privacy procedures.
Law enforcement and antiterrorism agencies have no incentive to engage the public in a debate on the trade-offs between law
enforcement and privacy if they believe they're doing a good job at protecting privacy, Schneier said. "You don't want to
put a justice organization in charge of justice trade-offs, because they'll always want more," he said.
Sand defended the DHS privacy office by saying the office has to report to the U.S. Congress as well as to the agency director.
The privacy office "in a very real way is an independent office within DHS," he said.
DHS has to comply with the Privacy Act of 1974, which requires U.S. agencies to comply with requests from U.S. residents about
what information is being collected about them, Sand said. Along with the Freedom of Information Act, which allows U.S. residents
to request agency documents, and the E-Government Act of 2002, which focuses on how electronic data is collected, the agency
has strong rules in place requiring it to protect privacy, Sand said.
U.S. agencies will find the right balance between privacy and security, and debates about the line between the two are healthy,
Sand said. "It's the difference between 'could' versus 'should,'" he said. "There's a lot of things we could do, but the question
is, should we do them?"
The climate in the U.S. right now is a "perfect storm" combination of emerging powerful technologies like biometrics and the
effort to fight terrorism, Sand said.
U.S. residents need to be able to feel they have the space to be free, he added. "The challenge is how to balance the protection
of that space without losing the progress we've had in the information age," he said.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
